SHA256: 2a82b357772610e3d72e2615082dec99e5ae89f4e459b393d53c54de06fbe49a
File name: oink.exe
Detection ratio: 5 / 42
Analysis date: 2012-06-26 01:20:27 UTC ( 6 years, 8 months ago )
Antivirus Result Update
DrWeb Trojan.Winlock.6173 20120626
Kaspersky Trojan.Win32.Buzus.ltnk 20120626
McAfee PWS-Zbot.gen.afr 20120626
NOD32 a variant of Win32/Kryptik.AHJB 20120625
Symantec Suspicious.Cloud.5 20120626
AhnLab-V3 20120625
AntiVir 20120626
Antiy-AVL 20120626
Avast 20120625
AVG 20120625
BitDefender 20120626
ByteHero 20120618
CAT-QuickHeal 20120625
ClamAV 20120625
Commtouch 20120626
Comodo 20120626
Emsisoft 20120626
eSafe 20120624
F-Prot 20120626
F-Secure 20120625
Fortinet 20120626
GData 20120626
Ikarus 20120626
Jiangmin 20120625
K7AntiVirus 20120625
McAfee-GW-Edition 20120625
Microsoft 20120625
Norman 20120625
nProtect 20120626
Panda 20120625
PCTools 20120626
Rising 20120621
Sophos AV 20120626
SUPERAntiSpyware 20120624
TheHacker 20120625
TotalDefense 20120625
TrendMicro 20120626
TrendMicro-HouseCall 20120625
VBA32 20120625
VIPRE 20120625
ViRobot 20120625
VirusBuster 20120625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product yyyyytjjtyjttyj
Original name uujujjjujtyytyjtyjtyjtj
Internal name eerrrrghghthtyhty
File version 2.0
Description ggghythtyhtyhtyh
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-25 05:37:21
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
HeapFree
GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
HeapAlloc
HeapReAlloc
memset
strlen
memcpy
CallWindowProcA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x1000
OriginalFileName uujujjjujtyytyjtyjtyjtj
MIMEType application/octet-stream
FileVersion 2.0
TimeStamp 2012:06:25 06:37:21+01:00
FileType Win32 EXE
PEType PE32
InternalName eerrrrghghthtyhty
ProductVersion ergrggggergerg
FileDescription ggghythtyhtyhtyh
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName tttthtrhthth
CodeSize 18432
ProductName yyyyytjjtyjttyj
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 28c200b6192dcc80871e3b00daa4d204
SHA1 2885dcf441978af704e6d9d47bd62411c6280a82
SHA256 2a82b357772610e3d72e2615082dec99e5ae89f4e459b393d53c54de06fbe49a
ssdeep 768:QzuNa86808w8V888M8E8J8E83ReKOSYDrxuB7ItKppsDQBaKF78:QzuNazbhYhvpCpKR3OSYHxvmsDQBa+
authentihash fbccdd015ebed647acca7b327e5921cd255f8bf0c975753d2f5d8549b1488915
imphash 8016cd0a03a8c17b1fcb8fd3419eb5a4
File size 31.0 KB ( 31744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2012-06-25 21:45:46 UTC ( 6 years, 8 months ago )
Last submission 2016-01-12 23:31:52 UTC ( 3 years, 2 months ago )
File names tempfiles.exe
28c200b6192dcc80871e3b00daa4d204
2a82b357772610e3d72e2615082dec99e5ae89f4e459b393d53c54de06fbe49a.vir
eerrrrghghthtyhty
oink.exe
uujujjjujtyytyjtyjtyjtj
tempfiles.exe=
file
EqFnr9.mht
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F3AEZGB.
